CVE-2013-2034

Multiple cross-site request forgery (CSRF) vulnerabilities in Jenkins before 1.514, LTS before 1.509.1, and Enterprise 1.466.x before 1.466.14.1 and 1.480.x before 1.480.4.1 allow remote attackers to hijack the authentication of administrators for requests that (1) execute arbitrary code or (2) initiate deployment of binaries to a Maven repository via unspecified vectors.

Published: May 14, 2014
Updated: May 9, 2024
CVE: CVE-2013-2034
GHSA: GHSA-fg4r-f9j2-36mw
Severity: Medium
Exploit:

CVSS v2:

Severity: Medium
Score: 6.8
AV:N/AC:M/Au:N/C:P/I:P/A:P

CWEs:

CWE-352

Affected Software
References

Software	From	Fixed in
jenkins / jenkins	-	1.513.x
jenkins / jenkins	1.466	1.466.x
jenkins / jenkins	1.480	1.480.x
jenkins / jenkins	1.509	1.509.x
org.jenkins-ci.main / jenkins-core	-	1.509.1
org.jenkins-ci.main / jenkins-core	1.513	1.514

http://osvdb.org/92981
http://www.cloudbees.com/jenkins-advisory/jenkins-security-advisory-2013-05-02.cb
https://access.redhat.com/errata/RHEA-2013:1032
https://access.redhat.com/security/cve/CVE-2013-2034
https://bugzilla.redhat.com/show_bug.cgi?id=958958
https://issues.jenkins-ci.org/browse/SECURITY-63
https://issues.jenkins-ci.org/browse/SECURITY-69
https://wiki.jenkins-ci.org/display/SECURITY/Jenkins+Security+Advisory+2013-05-02

Vulnerability Database

289,599

CVE-2013-2034